Israel: smart enough to create Stuxnet and stupid enough to use it

By Paul Woodward, October 1, 2010

Ever since speculation began, suggesting that Israel is the source of the Stuxnet malware, there has been a buzz of excitement in the Zionist corner of the blogosphere. The DEBKAfile — trusted source for pro-Israel fantasists all over the world — declared that if it turns out that millions of Iranian industrial units have been hit, “this cyber weapon attack on Iran would be the greatest ever.”

Glee at such a prospect is not shared by observers who lack the Zionist pathological obsession with Iran.

Stephen Spoonamore, a veteran cybersecurity consultant interviewed by NPR said: “I can think of very few stupider blowback decisions” than to release code that controls most of the worlds’ hydroelectric dams or many of the world’s nuclear plants or many of the world’s electrical switching stations.

The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media reported this week.

Stuxnet is feared by experts around the globe as it can break into computers that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms and valves.

It could, technically, make factory boilers explode, destroy gas pipelines or even cause a nuclear plant to malfunction.

The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.

“This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data,” an engineer surnamed Wang at antivirus service provider Rising International Software told the Global Times.

“Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China’s national security,” he added.

Another unnamed expert at Rising International said the attacks had so far infected more than six million individual accounts and nearly 1,000 corporate accounts around the country, the official Xinhua news agency reported.

Jeffrey Carr, author of “Inside Cyber Warfare,” describes what he believes is the first example of Stuxnet’s destructive power: the loss of India’s INSAT-4B communications satellite which shut down in July. The satellite’s control systems use Siemens S7-400 PLC and SIMATIC WinCC software, both of which are targeted by Stuxnet.

If speculation that Stuxnet was created by Israel has been driven by the circumstantial evidence that Israel’s nemesis Iran appears to have been the primary target, there is now some subtle but concrete evidence again pointing in Israel’s direction.

Buried in Stuxnet’s code is a marker with the digits “19790509” that the researchers believe is a “do-not infect” indicator. If the marker equals that value, Stuxnet stops in its tracks, and does not infect the targeted PC.

“While on May 9, 1979, a variety of historical events occurred, according to Wikipedia “Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community,” the researchers wrote.

Elghanian, a prominent Jewish-Iranian businessman, was charged with spying for Israel by the then-new revolutionary government of Iran, and executed May 9, 1979.

Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.

That use of the word “Myrtus” — which can be read as an allusion to Esther — to name a file inside the code is one of several murky clues that have emerged as computer experts try to trace the origin and purpose of the rogue Stuxnet program, which seeks out a specific kind of command module for industrial equipment.

Not surprisingly, the Israelis are not saying whether Stuxnet has any connection to the secretive cyberwar unit it has built inside Israel’s intelligence service. Nor is the Obama administration, which while talking about cyberdefenses has also rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program. In interviews in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.

There are many competing explanations for myrtus, which could simply signify myrtle, a plant important to many cultures in the region. But some security experts see the reference as a signature allusion to Esther, a clear warning in a mounting technological and psychological battle as Israel and its allies try to breach Tehran’s most heavily guarded project. Others doubt the Israelis were involved and say the word could have been inserted as deliberate misinformation, to implicate Israel.

The same report cites Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, who said he was “convinced that Israel had nothing to do with Stuxnet.”

“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”

Did Blitzblau present his findings at this week’s VB Conference in Vancouver where Stuxnet was the focus of attention? No — which is not surprising given his vacuous claim to have studied the code at its deepest level while other experts say it will take months to penetrate the thousands of lines of code contained in a 500kB piece of software.

As for why Israeli programmers would have inserted clues about about authorship deep inside the malware, the most obvious explanation would be the most prosaic: pride.

Even when the utmost secrecy is called for, there are those who cannot resist the temptation to leave their mark.

As for the significance of another finding — June 24, 2012 is the “kill date” after which the worm will refuse to execute — again, we can only speculate.

Is this the cut-off point for Israel’s campaign of cyber warfare against Iran after which will come the time for real war? Right in the run up to the 2012 US presidential election.

Comments

It would appear that the Stuxnet worm is extremely elegant and sophisticated. So sophisticated, in fact, that it needs to be triggered in order to infect. It may enter other computers which run Siemens SCADA software, but it does not harm them unless specifically ordered to do so. Therein the elegance: every other virus or worm cannot be controlled once launched. Stuxnet can. Which means — if reports are to be believed and it is an Israeli creation — all significant Iranian command and control systems are now being controlled in Jerusalem.

A deadly worm, but only if you’ve got nuclear ambitions and a tendency to spew hatred for the “Zionist entity” (Israel) and threaten the State of Israel with destruction. Iran has been sowing the wind for thirty years; they have no right to complain or feel aggrieved when the time comes to reap the whirlwind. Which it has. Couldn’t happen to a nicer bunch of Islamofascists. The best part? Iran’s nuclear ambitions have come to a screeching halt — without the loss of a single life. How sweet is that?

Paul Wrote:
Leonard: “Is there something about how this list operates that I don’t understand?”

Yes, firstly, it’s not a list. It’s a blog on which I provide commentary on news items and readers are welcome to contribute comments. Any comment that contains a link will automatically go into moderation in order to filter spam.

Leonard writes:
OK Paul, thanks for the explanation. It looked otherwise to me and the continuity of the responses has seemd to me to get distorted. I take responsibility for being a tad sensitive about what your blog is all about and my Jewish vigilance has led me to suspect what I’ll call unfair tactics made possible by your ability to control what happens here. If I’m wrong consider this an apology.

Paul wrote:
You profess an interest in dialogue yet you’ve suggested I’m a sophist — though reassured me you don’t wish me dead. That’s a strange position to put yourself in — needing to write, “not that I wish you dead”.

Leonard writes:
Well I guess that drew you out. You challenged me but didn’t respond to my challenges to you. Let’s look at the dead issue in context. Below is what I wrote.

“I haven’t been able to find the section of your web site where you wrote about yourself using the word. I suspect it’s accurate. Is it anything like being a “sophist”? Sophistry was the crime Socrates was accused and convicted of, resulting in being sentenced to drink the hemlock. The indictment read that he “…makes the worse appear the better cause.” Describes lawyers too and we know that the Bard wanted all of them to drink hemlock or maybe ingest lead, truly not that I wish you dead, the Little Hitler sure, but not you. In other words Sophists collect facts and then arrange them in such an innovative way as to create a context for them that expresses the point of view they held in the first place, not a bad definition of very intelligent prejudice maintenance.”

Paul, as there is more than a bit of heat here on this blog, my reference to dead was an attempt to reassure you that in speaking of Socrates (who I much admire though if I were him I would have gotten out of Dodge rather than drink the hemlock) I was not wishing the same fate on you though I do detect sophistry in some of your stuff. “Sophist” is not the same as “liar”. A liar deliberately states as facts things he/she knows to be false. Here is how the Oxford Dictionary defines “sophist”:

“sophist (soph·ist)
noun
a paid teacher of philosophy and rhetoric in ancient Greece, associated in popular thought with moral skepticism and specious reasoning
a person who reasons with clever but fallacious arguments ”

(I won’t provide the link so as not to be moderated in case I’m spam. but I know you can find the Oxford Dictionary online.)

For all I know you really believe your arguments, in which case my saying you’re wrong is not the same as saying you’re a liar Paul. Though I do not have any basis for calling you a liar I believe I do have a basis for pointing to a bit of sophistry. So your argument/suggestion about the meaning of my saying I don’t wish you dead is either based on a serious misunderstanding, (I hope not a projection) or sophistry.

Paul wrote:
Have you ever come across a self-described sophist? I haven’t. It’s a bit like being a self-described liar. And just to be clear: my question is rhetorical. Both you and I know that in this era “sophist” is exclusively a pejorative term.

Leonard writes:
Paul before I went to grad school to become a psychologist I went to grad school to become a philosopher. (It didn’t last) I don’t recall other instances of the modern use of the word. Consider that I was talking about you in the contect of what Plato wrote about Socrates. While my use of the word wasn’t complimentary, (unless you consider my admiration of your skill at it,) “pejorative” is more than a bit stronger than my attitude towards you warrants.

Paul wrote:
I saw a recent comment you made in support of Caroline Glick’s op-ed supporting the neo-McCarthyist Im Tirtzu: “Give those academic head up their asses, ass kissing self-hating Jews hell.” If that’s the way you refer to Israeli Jews with whom you have political differences, it would be a tad naive on my part to imagine that you would engage me in an open-minded way.

Leonard writes:
Paul, I’m flattered that you have taken the effort to try to dig up some dirt on me. Are you interedted in a discussion (means two people participating) of my point of view leading to my being a cheer leader for Caroline Glick on that occasion? Right now I’ll just say it goes beyond politics. Though some of what I have written here touches on it I’m willing to have a discussion with you about what underlies my strong words about such characters as Chomsky, Finkelstein and the folks Gkick was writing about when I gave her a high five. By the way, once in a while I think Glick has her head up her ass, by which I mean that sometimes she like Debka gets a little hysterical, but neo-McCarthy is kinda strong name calling. And Paul, on the only occasion (apart from once going to the beach) on which I cut school in high school, I put on a suit and went to downtown Los Angeles to a HUAC inquisition. I was there in the hearing room less than fifteen minutes before whatever attitude I seem to have made plain drew two really large goons who lifted me out of my chair by my arms and then summarily and literally threw me out of the room. In Junior High during the height of Ole Joe’s rants I caused a stir by wearing a button that said, “McCarthy for Fuhrer.” Even then I had a thing about Hitler and McCarthy. Glick is no McCarthyite. You just don’t understand where she’s coming from.

So if you have enough respect to engage in a real conversation rather than challenge and then go silent, you may be sure of a respectful and open minded conversation in which we can both disagree without being disagreeable, or G-d forbid, we might even agree on some things. Here’s hoping. Any chance of getting a spell checker on your blog? Just kidding.

As it appeares our leaders may be pulling away under the cover of darkness because the thread seems to be fading, I want to say to Sarah, Yotam, Adina, Katorga it’s been a pleasure doing batting practice with you. If you guys, or others want to be in touch I’m atdrlbuns@gmail.com. Funny story behind that name.

Oh my G-d, I’m awaiting moderation again, well an email address explains it, so I can be reached at drlbuns @ gmail . com. Just push it all together. Not only the pervert code writers in Israel can at least try to be clever.

Iran represents the greatest threat to civilization as has ever been encountered. Clearly, you have issues with Jews and with Israel, but — hey? you know what? We’ve seen your kind come, and we’ve seen your kind go.

Eat your heart out. You contributed nothing of substance in your post except to spew vitriol against the State of Israel. Not worthy of a response. Being Jewish, I do have standards and I confess that they are petty high. You don’t meet the mark — I know an unrepentant and vicious Jew-hater when I read one. That would be you.

A small correction: you wrote that “every other virus or worm cannot be controlled once launched. Stuxnet can.”

This isn’t correct. In fact, it’s not unusual for viruses to be remotely controllable once launched. Do a Google for “botnet” eg. the largest known botnet, Mariposa, has infected ~11 million computers, and can be remotely told to execute arbitrary code.

Thanks for the correction. But if a virus or a worm executes arbitrary code, it is not targeted in the way that Stuxnet is. Stuxnet very deliberately seeks out particular systems and executes only against highly-specific targets. I am also given to understand that computers so infected cannot be “scrubbed.” It would appear that Stuxnet is the very first of this type of cyber warfare, and everything appears to indicate that it has crippled Iran, but has remained dormant in computers in other countries. If it is indeed an Israeli product, then kudos to them; they have shut down Iran’s nuclear program (arguably the greatest threat to civilization that exists today) without the loss of a single life. Not too shabby. I think it may very well be Israeli, because certain computer experts are syggesting that Israel took it for a test drive when they flew clear across Syria to dispatch Syria’s budding nuclear ambitions — without being detected.

it has come to my attention that my comment above -8:44 pm-
might give the impression i want something bad to happen
to israel or it’s current inhabitants
i absolutely do not
exactly the same way i do not wish war on anyone
iran included
was it really necessary to attack me
in such a personal manner sarah ?

you may find in the end
a real friend tells you the truth
when they see you going off the tracks

you may want to search your own heart
for all that hatred you ascribed to me

Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere anarchy is loosed upon the world,
The blood-dimmed tide is loosed, and everywhere
The ceremony of innocence is drowned;
The best lack all conviction, while the worst
Are full of passionate intensity.
Surely some revelation is at hand;
Surely the Second Coming is at hand.
The Second Coming! Hardly are those words out
When a vast image out of Spritus Mundi
Troubles my sight: somewhere in the sands of the desert.
A shape with lion body and the head of a man,
A gaze blank and pitiless as the sun,
Is moving its slow thighs, while all about it
Reel shadows of the indignant desert birds.
The darkness drops again; but now I know
That twenty centuries of stony sleep
were vexed to nightmare by a rocking cradle,
And what rough beast, its hour come round at last,
Slouches towards Bethlehem to be born?

Get ahold of yourself. Then, with that accomplished, please describe to me the criteria by which one would decide what nation or other collective group of people is the “greatest threat to civilization as [sic] has ever been encountered.” In addition, please expound on the undoubtedly rigorous analysis of objective evidence you undertook to evaluate possible threats to civilization using said criteria in arriving at Iran as the answer. Show your work. Otherwise, your statements start to look like so much noise.

Esteban, I feel your pain. That said, please know that I am the child of Jewish concentration camp survivors. I never knew my grandparents. I also grew up with no uncles, aunts, or cousins. There were no distant relations, anywhere. There were no close relations, anywhere, either. They were slaughtered. I think having a “damaged” grandfather might be better than having none. Your Please do not triviliaze what happened to the Jewish people — throughout the past two millennia including, I must say, on your own Ibenian peninsula. Contemplate as well the contributions that the Jewish people have made to mankind, despite abhorrent persecution and torment. How can you blame us for wishing to ensure our survival? What have the Iranians done for civilization lately (for lately, read “last millennia”)? Hanging people from jib cranes and stoning them to death? Curiously enough, there are no Nobel Prizes awarded for that. The Islamic Republic of Iran is responsible for the deaths of ten times the number of people that may have met their demise under the Shah. Perhaps even more than that.

I am sorry for the pain your family may have endured. But having a damaged, “broken” grandfather is better than having none at all.

Well, let’s see. As part of the Islamic revolution in Iran, the United States Embassy (which is to say, U.S. soil) was invaded by “students” (including, by the way, one Mahmoud Ahmedinejad). For the past thirty years, we have been regaled with rhetoric out of Teheran which includes existential threats to the State of Israel and threats to destroy the “Great Satan” (meaning the United States). We have been treated to mass executions conducted, sadly, publicly and in a most gruesome manner. While I am not a fan of the death penalty, I grant that it is a choice which is best left locally. That said, is it wrong to ask that executions be carried out mercifully and indoors? We are about to enter the year 2011, and I must say that I do not find hanging people from cranes in public, to slowly stangle, or stoning them to death, to be particularly civilized. Why is it necessary to sentence someone to 100 lashes AND death? Only a truly sadistic system would do that. Like Iran. Let us neither overlook the fact that the Islamic Republic has declared its intention to bring its “gentle” and “beneficial” form of Islam to the world. Well, honey bunny, I do not find the Iranians — or those who take their inspiration from them — to be civilized. I find them to be truly repulsive. Wrapping up their women like mummies? Refusing to educate girls (the Taliban, which has taken their “inspiration” from Iran)? Wanton massacre of Kurds, the Ba’hai, the Zoroastrians? Denial of the Holocaust? Yes, Iran is the greatest threat to civilization. Wild celebrations in the streets following the attacks on the United States on September 11? Is that YOUR idea of “civilized?” How about being a State sponsor of terror (Hamas and Hizbollah?) How about leveling a sentence of death upon an author (Salman Rushdie, “The Satanic Verses”? Or a cartoonist (there have been a few of those), even though some of the most vile and disgusting cartoons have emanated from — no less — the Islamic Republic of Iran.

Iran has repeatedly vowed its intent to “remove the Zionist entity (Israel)” from the map. They have vowed to “bring the United States to its knees.” They have murdered people left, right and center, with but a sham kangaroo court for a “trial.”

The faster this iteration of Iran is put down, the better. They are a threat to civilization. Do you find people who hurl ten year-old boys in front of tanks and then proclaim them to be “martyrs for the cause” to be worthy of praise? (Keep in mind this is exactly what Iran did in the waning days of the shame-faced draw of its war against Iraq.) Do you think that watching mullahs denigrate and despoil the bodies of the dead Americans who attempted to rescue the hostages in Iran was particularly civilized?

Frankly, I don’t. Most Islamic fundamentalism traces back to Iran. If that is what they want; fine. Just don’t foist it off on most of the rest of the world.

Yes, the Islamofascist Republic of Iran needs to go away — it is a threat to civilization. Unless you really think you’d like your wife and daughters to be denied the right to vote, wrapped up like mummies, denied entry into college, and told their sole purpose in life is to be subservient to their husbands and to bear child after child after child after child.

Threat to civilization? Oh yes. Please tell me a single thing that Iran has contributed to civilization — attempting to destroy it does not count — in thirty years.

Finally — I don’t need to produce “evidence.” The Iranians proudly trumpet it to the world.

Sarah – let me cite one fact about Iran that you clearly never heard: the majority of university graduates are women.

Women’s rights in Iran have taken a battering since Ahmadinejad replaced Khatami, but even while there are abominations such as the conviction of Sakineh Mohammadi Ashtiani, women in Iran are still more empowered than in most neighboring countries.

If women’s rights and Islamic extremism are your deepest concerns, you should be directing much more of your attention to Saudi Arabia than Iran.

“What have the Iranians done for civilization lately (for lately, read “last millennia”),” you asked in another comment.

The scientific method was developed by Persian scientists. Without the scientific method, there would be no such thing as modern science. Their contributions to science over the last millenia are far too numerous to list.

As for contemporary Iran, a Canadian report published this year said “Iran is showing fastest worldwide growth in science.” The publication of scientific papers by Iran, which has grown exponentially in the last decade, has since 2007 exceeded the number being published by Israel.

Civilization exists in many forms and one of the ironies of the contemporary era is that those who speak loudest in the name of civilization’s defense, often exhibit little appetite for the pursuit of knowledge.

Nothing threatens civilization more than when people lose interest in educating themselves. Knowledge is what protects civilization — not missiles, bellicose language, or fear-mongering.

Why would you think that EU/India would ever join forces against Israel. Israel is an ally of India and most EU nations. Iran, Syria are world wide terror sponsor and irresponsbile states, that CANNOT be allowed to have a Nuclear weapon. The rest of the world is thrilled at this smooth take out. One would wish that Stuxnet was underground till the Busher plant went critical and rendered the reactor truly “Critical and uncontrolled”. Nothing would be better than to see the reactor nuke itself and self destruct. Moslem terrorist states should learn never to aspire for Nukes!

Daniel – You wrote: “Nothing would be better than to see the reactor nuke itself and self destruct.”

You really think that’s a good idea?

Another Chernobyl — but this one would send radioactive fallout across the Gulf, jeopardize the lives of people in all the surrounding states, and shut down the shipping lanes through which much of the world’s oil supply flows.